AAA Authentication

Recall that AAA stands for Authentication, Authorization, and Accounting. Authentication is the process of verifying a user’s identity to determine whether the user should be allowed access to a device. Authorization is the act of limiting or permitting access to certain features within the device once a user has been authenticated. Accounting is the recording of actions taken by the user once she has been authenticated and authorized. In this section, I will cover only authentication, as it is the most commonly used feature offered by AAA.

To use AAA authentication on an IOS switch or router, you must perform the following steps:

  1. Enable AAA by entering the aaa new-model command.

  2. Configure security server information, if you’re using a security server. This step includes configuring TACACS+ and RADIUS information.

  3. Create method lists by using the aaa authentication command.

  4. Apply the method lists to interfaces or lines as needed.

In NX-OS, the commands are similar, but there is no aaa new-model command.

Enabling AAA

To use the AAA features discussed here, you’ll need to issue the command aaa new-model:

Router(config)#aaa new-model

If you don’t execute this command, the AAA commands discussed in this section will not be available. This step is not necessary in NX-OS.


Be careful when configuring AAA for the first time. You can easily lock yourself out of the router by enabling AAA authentication without configuring any users.

Configuring Security Server Information ...

Get Network Warrior, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.